Okay, after wrangling with the download (it doesnâ€™t work in Firefox or Opera regardless of firewall, you may want to investigate that), Iâ€™ve got a copy of the package. However, the events that the documentation covers seem to only cover filters during pageserves. Now, while itâ€™s possible to hook in HTMLPurifier at that point in time, the library is not fast, and it would be better if it was used on form submission. (or, if you have a caching system that I donâ€™t know about, that works too). Any pointers?

..However, the events that the documentation covers seem to only cover filters during pageserves. Now, while itâ€™s possible to hook in HTMLPurifier at that point in time, the library is not fast, and it would be better if it was used on form submission. (or, if you have a caching system that I donâ€™t know about, that works too). Any pointers?

Also, you can see all the available events by creating a new plugin and viewing "System Events" tab. I know the documentation isnâ€™t very well detailed at this stage, but there is a reason for this too. The developing pace of this project has been extremely fast and the documentation has not just followed the same pace. There is also a total rewrite going on behind the scenes currently and you can imagine that thereâ€™s not alot of extra energy to write a documentation at this time knowing that it will be outdated in the near future. But with the next release, there will be (along with other documentation) extensive developers documentation built straight from the source, so itâ€™s all being worked on. The future version is using XPDO ORM layer (also built by MODx core team member) and that will give you some idea where this project is going..

I donâ€™t know what would be the best event/events to implement the HTMLPurifier plugin, but I know that OnDocFormSave is not the best, because at this point none of the chunks/snippets/etc have not returned their output. I guess OnCacheUpdate could be one place to "purify" cached pages. OnParseDocument would be done at every page render, but as you say, it might be too much overhead.. So maybe someone with more knowledge on inner workings can give you a better answer.

Anyways.. hereâ€™s a list of sytem events from 0.9.2.1, some new are coming in 0.9.5 and Ryan even said that new event for this purpose could be squeezed in if needed (altought, I think that there is allready enought events to choose from..)
Template Service Events
OnDocPublished
OnDocUnPublished
OnLoadWebDocument
OnParseDocument
OnWebPageInit
OnWebPagePrerender
Cache Service Events
OnBeforeCacheUpdate
OnBeforeSaveWebPageCache
OnCacheUpdate
OnLoadWebPageCache
Web Access Service Events
OnBeforeWebLogin
OnBeforeWebLogout
OnWebAuthentication
OnWebChangePassword
OnWebCreateGroup
OnWebDeleteUser
OnWebLogin
OnWebLogout
OnWebSaveUser

I donâ€™t know what would be the best event/events to implement the HTMLPurifier plugin, but I know that OnDocFormSave is not the best, because at this point none of the chunks/snippets/etc have not returned their output.

That might be a good thing. While Iâ€™ve tried to make HTMLPurifier as permissive as possible, there are certain HTML elements it will never support: FORM (and friends), OBJECT, EMBED, IFRAME, etc. Since snippets and chunks are highly trusted, we may want to let them bypass the filtering process. Their syntax is primarily compatible, although the ampersands may be a PITA to handle (theyâ€™ll all get escaped).

What precisely is expected user input, and what kinds of HTML do snippets and chunks use? If snippets/chunks need to bypass the filter, weâ€™d want to put HTMLPurifier before them, but if their output is basically the same, we can put HTMLPuriifer after, perhaps on the cache event.

Besides all that, Iâ€™m still not precisely sure how the plugin structure works (from what I gather, itâ€™s a snippet thatâ€™s directly copypasted onto your index.php).

Perhaps so, considering the state of the documentation. People are posting code willy nilly, but where precisely does it all go? The plugin directory? A new module? I donâ€™t see the word Plugin mentioned at all in the Content Manager, is it equivalent to module?

Sorry about my ignorance. It takes me a little while to grasp third-party applications, especially big ones. Iâ€™ve never seen anything like Modx before (and that, in a way, is a good thing ;-)